RealTime IT News

Microsoft Tweaks Problematic Security Patch

Microsoft on Thursday issued a "major revision" to a security patch released earlier this month, warning that it caused a compatibility problem with third party software.

The original patch (MS03-045), included in the company's first monthly advisory, plugged a buffer overrun vulnerability in the ListBox and ComboBox controls that could lead to harmful code execution. The flaw carried an 'important' rating.

However, after the patch was released, Microsoft learned of compatibility issues with third-party products and released a new advisory with updated patches (New patch available here). The company did not say which third-party software had compatibility issues.

"The compatibility problems only affect (certain) language versions of the patch and only those versions of the patch are being re-released," Microsoft said, noting that the new security patches support both the Setup switches originally documented as well as a set of new Setup switches.

The language versions affected include Brazilian, Czech, Danish, Finnish, Hungarian, Italian, Norwegian, Polish, Portuguese, Russian, Spanish, Swedish and Turkish.

The English language version of the patch is not affected.

Additionally, Microsoft said the updated language versions support Windows 2000 Service Pack 2, Windows 2000 Service Pack 3, and Windows 2000 Service Pack 4 in a single security patch.

According to the revised bulletin, the software compatibility issue is unrelated to the security vulnerability previously addressed. "Customers who have applied the patch are protected against the vulnerability discussed in this bulletin," the company assured.